Re: pkg and root privileges

The thread on the forum was closed and deleted by moderators due to unsportsmanlike conduct of some very worried about security :-)

pkg indeed needs some review in terms of usage of superuser privileges, in my opinion. Not only fetch, but other parts too, fetch just being probably the most fragile in that sense.

Thanks for your attention.

Br. Niko

> On 28. Jul 2022, at 18.08, Baptiste Daroussin <bapt@FreeBSD.org> wrote:
> 
> On Tue, Jul 26, 2022 at 07:15:43PM +0300, niko.nastonen@icloud.com wrote:
>> Hi.
>> 
>> There was a recent discussion on the FreeBSD forum about security of pkg and its ability to drop root privileges when fetching packages.
>> 
>> I couldn’t help but notice that there was a git commit
>> 
>> fcceab3f with comment "drop privileges when using libfetch”
>> 
>> and another one
>> 
>> f3b0469e with comment "Stop dropping privileges when fetching as it causes more issues than it solved”.
>> 
>> Can I ask what kind of issues the first commit introduces and why pkg still goes out to the internet unprotected?
>> 
>> In case the issues are already solved by later commits, let me present a silly patch (mostly copied from fcceab3f) for branch "release-1.18” which makes fetch use nobody instead of root.
>> 
>> Feel free to modify it to match “the real BSD hacker standards, if applicable” :-)
>> 
> I am interested in the thread on the forum, if you can point it out to me.
> 
> The reason why it was dropped is because, libfetch allows to access many thing
> (like ~/.netrc but not only) and many users are using such features of libfetch.
> 
> I dropped the "drop of privileges" the time to work on libfetch to make it more
> friendly to the "drop of provileges" which I started but never finished.
> 
> Thank you for the reminder I will move that up on my TODO list for 1.19
> 
> Best regards,
> Bapt
>